New PHP packages fix vulnerabilities

Updated PHP packages are available for Red Hat Linux on IBM iSeries and
pSeries systems.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to an
MTA (such as Sendmail). Specifically, the fifth argument to mail() may be
modified, altering MTA behavior and possibly allowing the execution of
arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Script authors should note that all input should be checked for unsafe data
by any PHP scripts calling functions such as mail().

PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows local
users and possibly remote attackers to execute arbitrary commands via shell
metacharacters.

Note that this PHP errata enforces memory limits on the size of the PHP
process to prevent a badly generated script from becoming a possible source
for a denial of service attack. The default process size is 8MB, though you
can adjust this as necessary through the php.ini directive memory_limit.
For example, to change the process memory limit to 4MB, add
the following:

memory_limit 4194304

Important Note:

Your original /etc/php.ini configuration file is not replaced or
overwritten. Therefore, you should carefully review your configuration file
and adapt it as necessary to your server or service functions.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0986
http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204
http://online.securityfocus.com/archive/1/194425

mail, PHP, safemode